When it comes to information security, the best offense is a good defense. But Ohio University's strategy seems to be to ignore security weaknesses for as long as possible and then apologize after those weaknesses have been exploited.
Over winter break, a computer hard drive containing students' personal information - including Social Security numbers - was stolen from OU's Chillicothe campus, according to the Chillicothe Gazette. The information was stored in specialized software, and there has been no evidence that any of the information has been accessed or used inappropriately. However, it is troubling that access to secure student information is so easy to come by.
Ohio University has a history of being reckless with private information. In 2006, a security breach compromised the Social Security numbers of 137,800 donors and alumni. Another breach later that year left the medical records of 60,000 students vulnerable.
Data theft via stolen computers isn't a new concept to the Buckeye State, either. Last year, two laptop computers with the names and Social Security numbers of 3,500 current and former students were taken from the home of an Ohio State University professor. A few months later, the Columbus Dispatch reported that a data storage device was stolen from a state agency intern, affecting 64,000 state employees.
We should know better by now. It's time for OU to start taking security seriously, before the university is seriously sued - like OU needs any more lawsuits.
4 Opinion
OU needs to protect private information
